DebianThis forum is for the discussion of Debian Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
I want to consider myself rather disconnected, these days, but use to contradict myself when I check the newsgroups, like linux.debian.announce.security.
Although I have updated our Debian systems regularly but - since I take Usenet more seriously again - the last few times I had been triggered by alerts on Thunderbird. My wife uses Thunderbird.
I show you the screenshot of the topics posted since the 5th of November in linux.debian.announce.security.
Has it always been that way, or is Mozilla suffering from something?
Last edited by Michael Uplawski; 11-24-2020 at 12:10 AM.
At a glance, it doesn't seem like it's gotten any worse.
Thank you.
In the chart, the “code execution” problems appear to be low for almost three years. This is difficult to compare to other software, but I appreciate – of course – that we are alerted about latest bug-fixes.
You should be more concerned if you don't see frequent security updates. Seeing them means that there is active development and maintenance. There will always be bugs in a program as large as Thunderbird or Firefox, and they need to be fixed as they are found. Google and Mozilla both have frequent security updates, and their software is reasonably secure. I don't really know about Microsoft and Apple, because I don't use their products, and thus don't try to keep up with them. Having frequent security updates is a good thing. If you see months go by without updates, then you should be afraid.
If you see months go by without updates, then you should be afraid.
There may be software like that. And there is other software.
I prefer to have no one-size-fits-all theory concerning the need for security updates. Anything which touches the Internet may be more sensible than other programs, but I use the slrn newsreader and cannot through it into the same drawer. I agree that active development is a criterion if necessary things are under development. Bugs are introduced this way, glitches arrive and are corrected. On the other hand many software packages are scarcely updated. I venture that they come with less need for urgent fixes, too.
Perhaps worded unartfully. If you stop seeing updates for Mozilla products, be afraid. I cannot speak to every software application ever written. But with new exploits being found all the time, what was secure last year may not be today. If a package hasn't been underdevelopment for more than a year, I just don't use it. It's not like there is a shortage of choices for almost anything.
There may be software like that. And there is other software.
I prefer to have no one-size-fits-all theory concerning the need for security updates. Anything which touches the Internet may be more sensible than other programs, but I use the slrn newsreader and cannot through it into the same drawer. I agree that active development is a criterion if necessary things are under development. Bugs are introduced this way, glitches arrive and are corrected. On the other hand many software packages are scarcely updated. I venture that they come with less need for urgent fixes, too.
Oh come on. Of course you're right, but it's obvious what sgosnell meant.
FF and TB definitely belong in the "There may be software like that" category.
I don't like it either, but there it is.
Oh come on. Of course you're right, but it's obvious what sgosnell meant.
Anyway. My conclusion is that as long as my wife needs Thunderbird, I will read the security announcements. Otherwise the group is of not much interest to me. That is a fact, be there daily alerts or not.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.